Abstract — The network models evolved over a
long period; the next generation network is the
IoT (Internet of Things). IoT is nothing but
intelligent connectivity between plenty of
devices. IoT derives huge gains in many of the
ubiquitous applications like smart health,
smart transport, smart city, and smart home.
Its vision is to support every walk of life,
including agriculture and factory automation
as a part of the industrial revolution, and
diverse other fields. Thus, the IoT network will be a
lifeline for the future digital system. However,
every system has vulnerabilities due to its
architectural design and characteristics. These
vulnerabilities assist and attract attackers to
plan their strategies. The threats and risks due
to attacks on the IoT application and network
can have a serious effect on both users and
service providers, not only financially
but sometimes fatally too. Therefore, it is an
essential research issue to focus on the
security features of IoT.

The emerging trend of intelligent
technologies like SDN (Software Defined
Networking), DL (Deep Learning), AI (Artificial
Intelligence), and ML (Machine Learning) is
attracting widespread attention in the research
community for addressing various security
issues in the wireless network system.
Machine learning and deep learning
techniques are robust technologies that have
the capability of data exploration and learning.
A solution based on machine
learning collects data from the sensor nodes
and, based on its capability, classifies the
normal and abnormal patterns of the traffic flow
in the network as well as the behavior of
networking and information sensing devices
according to how devices interact with each
other within the IoT ecosystem.
Keywords: Internet of Things (IoT), IoT Platforms,
IoT Attacks, Authentication, Datasets,
Technological Providers.


1. INTRODUCTION 
Over the past decades, the IoT platform has been
used in every aspect of human life. IoT is
considered a misnomer, as devices need not be
connected to the public Internet; they only need to be
connected to a network and be individually
addressable. The IoT paradigm integrates the Internet
and various physical objects of several domains.
In IoT, the various electrical devices are interlinked
with the server, and information is exchanged
without the intervention of humans. It integrates a
variety of networks of devices to provide intelligent
and advanced services. A network is a group of
peripherals, network devices, servers, computers,
or other devices connected to allow data sharing.
Providing network security for IoT devices has
become a challenging task. [1]
The IoT network has become a lifeline for
the future digital communication system. IoT is
facing more security challenges because of the
demand for smart device usage and its
tremendously easy accessibility. The existing
security measures and traditional techniques are
not sufficient to provide an up-to-date security
system for the next generation of IoT. However,
every system has associated vulnerabilities due to
its architecture, design, and characteristics. These
vulnerabilities assist the attackers in planning their
strategies. The threats and risks due to attacks on
the IoT application and network can have a
serious effect on both users and service
providers. Therefore, it is an essential research
issue to focus on the security aspects of IoT.
To detect intruders/attacks and overcome network
security problems, Machine Learning (ML) is
considered a powerful technology. [2]
Fig. 1: Process of Detecting Intruders in Cyber Security
of IoT Using ML, Achieving Data Security and End-User
Automated Tasks

Fig. 1 depicts the usage of ML techniques in
attaining end-user tasks. ML and DL approaches
are robust technologies. Furthermore, ML can
also be very useful for predicting new kinds of attacks
and unknown attacks, which may be modified
versions of traditional attacks. It is observed
that there are 11,906 journals in the domain of IoT,
of which 3,137 journals are on security,
approximately 26.4%, which shows there is
active research on the security domain in IoT.


2. IoT

The concept of smart devices was discussed
as early as 1982, with a Coca-Cola vending machine,
the first ARPANET-connected appliance, at
Carnegie Mellon University. It could report its inventory
and whether newly loaded drinks were cold or not. Later
the term "Internet of Things" was coined by
Kevin Ashton in 1999. As years passed, the usage
of Internet of Things (IoT) applications drastically
increased in various fields like Military
Applications, Infrastructure Applications, Industrial
Applications, Organizational Applications, and
Consumer Applications.

The IoT consists of physical objects
interconnected with software, sensors,
processing ability and other technologies. It is an
everything-to-everything communication. They
communicate and exchange data among
themselves either by the Internet or by any other
communication network where each device is
addressed individually. Figure 2 describes the IoT
3-Tier Architecture, which has three layers. They are
a) The Perception/Hardware Layer, b) The
Network/Communication Layer and c) The
Application Layer.

Perception Layer: This layer comprises PHY
(Physical) and MAC (Medium Access Control). The PHY layer
deals with hardware like sensors and actuators,
while the MAC layer creates a link between
physical devices & networks to provide
communication. A collection of internet-connected
devices is connected to detect objects, gather
data, and communicate with other devices through
Internet communication networks. Examples:
GPS (Global Positioning Systems), Cameras,
RFID, Sensors, etc.


[Figure 2 labels: Routers/gateways; Protocols: IPv4, IPv6, TCP/UDP; Protocols: GPS, WSN, PLC]

Fig. 2: Three-Tier Architecture of IoT

The PHY layer deals with hardware like
actuators and sensors.

Network Layer: It forwards
data from the perception layer to the application
layer. This layer includes communication and
messaging protocols. The main communication
technology in IoT is the Wireless Sensor
Network (WSN). It supports dynamic
communication based on 802.15.4 standards.
They contain short-range communication
protocols: PLC, WiFi, Zigbee, 4G, 5G, Bluetooth,
etc.

Application Layer: It is the upper layer that
processes the incoming information, which helps in
designing better power distribution and
management strategies. The aggregator is an
important component that acts as a gateway for
the IoT architecture. In the IoT ecosystem, another
core element is the cloud. It provides services like
storage, analytics, and data processing. It
provides data processing, privacy protection, and
authentication. Examples: power system
monitoring, smart cities, energy management, and
integration of renewable energy generators. [3]
Fig. 3 below explains the benefits
of IoT.
[Figure 3: panel text]

» We can remotely update software which are currently running on the different
» Allows to predict failures of the machine and also identify the parts that need
  to be replaced. It enables to monitor, maintain and optimize assets for better
  performance.
» Humans co-work with Artificial Intelligence systems and other machines to
  attain strengths of both types of intelligence.
» IoT Eco-system is a broad network which is connected with interdependent
  devices and technologies to attain a specific goal. It has distinct components like
  sensors/devices, connectivity, data processing and a user interface.
» With right connectivity of devices and strategically located beacons/sensors we can
  manage better to attain improved adaptation to changing work standards.

Fig. 3: Benefits of IoT


2.1 Applications of IoT
Fig. 4 shows various usages of IoT in different
fields like Industries, Organisations, Home
Automations, Medical field and in Military.

[Figure 4 panels: Consumer Applications (e.g. smart home, health care); Military Applications (e.g. ocean of things, battlefield things); Industrial Applications (e.g. manufacturing, agriculture, maritime); Infrastructure Applications (e.g. environment)]

Fig. 4: Different Usages of IoT in Various Fields

a) Consumer Applications: IoT applications are
created for consumer use, like wearable
technology, connected vehicles, home
automation, appliances with remote monitoring,
and connected health.

b) Transport: IoT can be used for assisting
communication and control and for processing information
across the transportation system. It can be enabled
in Electronic Toll Collection systems, Smart
Parking, Vehicle control, Road assistance, Safety,
and Fleet management.

c) Home Automation: It is applied to electrical,
mechanical, and electronic systems in various
types of buildings.

d) Industrial Applications: IoT helps in regulating
and monitoring industrial systems. They can be
used to analyze data from locations, people,
operational technology, etc.

e) Military Applications: IoT technologies are
applied in the military domain for surveillance,
reconnaissance, and other objectives. It can be
used for prospects of warfare, human-wearable
biometrics, robots, vehicles, and also for other
smart technologies related to the battlefield. [4]


2.2 Importance of Security in IoT
The real-life examples of IoT security failures that
caused major disruptions are:

» In 2010, an IoT attack was Stuxnet, which
targeted the smart industry controller which
nuclear facilities utilize. The malware
destroyed one-quarter of centrifuges, bringing
the nuclear program to a halt for the next days.

» In 2015, Russian IoT malware attacked the
electrical grids of Ukraine, leaving 2,30,000
people without power.

» In the famous IoT hack, the Mirai botnet
attacked Liberia's infrastructure, using brute
force authentication against ID cameras, as
these cameras used the most commonly used
usernames and passwords, and attacked
nearly 3,60,000 servers. Hackers also
attacked websites like Netflix, Reddit, Twitter,
GitHub, etc.

» In 2017, a hacker got access to 2,00,000
open printers and printed over the internet,
thereby affecting almost 1,50,000 printers.

Therefore, providing security to IoT
devices has become a burning and problematic
task, as IoT devices use minimal-capacity things,
objects, sensors, and actuators. Moreover, in the
IoT ecosystem, millions of devices are connected.
Still, sensitive information needs to be secured
thoroughly, without leaking to intruders, to avoid
major losses.


2.3 IoT security methods using ML
The defining characteristic of IoT is
interconnectivity among different devices. To
collect data from the surrounding sensor devices
and transfer it to the Internet is the responsibility of
a gateway device. In plenty of cases, the use of
Machine Learning (ML) algorithms for securing IoT
devices and networks has proved to be extremely
beneficial and has also given promising results. We
can use ML as a practical tool in many
programming scenarios, especially in cyber
security. IoT security is a major challenging area
in cyber security. There is constant development
of new techniques to secure IoT devices, to better
protect against cyber-attacks on IoT devices and
networks, which are evolving and ever-changing.
In complex networks, IoT devices need to select
and identify key attributes and protective
strategies. However, developing security
measures for IoT devices has its own set of
challenges. [5]


Different Kinds of Attacks: IoT attacks are
broadly classified as Physical and Cyber Attacks,
as shown in Figure 5. Further, cyber-attacks can
be divided into Active & Passive Attacks. In a
cyber-attack, the attacker/intruder targets different IoT
devices by hacking the system to alter, delete,
steal, or destroy the user's information. In a
physical attack, the attacker directly causes
physical damage to IoT devices, e.g. mobiles,
cameras, routers, sensors, etc. Active Attacks:
When an attacker accesses the network to interrupt
certain user services, such attacks are called
Active Attacks. Examples of active attacks are
spoofing, hole attacks, DoS, Man-in-the-Middle, Sybil
attacks, jamming, and data tampering. [6]


[Figure 5 panels: Types of Attacks in IoT: Malicious Input Attacks; Selective Forwarding Attacks; Data Tampering; Man-in-the-Middle Attacks]

Fig. 5: Different Types of Attacks in IoT
3. Review of Literature

To arrive at and understand the research
trend in the security aspects of the IoT using
machine learning models, an initial survey is being
conducted. The research focus is to explore the
use of ML in the security domain, so the further
search is narrowed down to the use of ML for
solving security problems in IoT, which is about
306 journals within the timeline of 2010 till 2021.
For research proposal writing, selected papers,
including survey papers and other work related to
the chosen problem domain, are considered from
2016 to date. However, a closer look reveals the
fact that the papers on security using machine
learning are only from 2016 onwards.

Concerns regarding the risks to data
security have exploded as a result of the growth of
the IoT. Factors like vulnerabilities, denial-of-service
attacks, viruses, and intrusion attempts
affect IoT devices. The work carried out by [7]
underlined the significance of high-quality training
data for enhancing detection performance. The
authors suggested a powerful IDS ("Intrusion
Detection System") built on improved SVM
("Support Vector Machines") characteristics. The
study's empirical findings, which focused on
getting new and higher-quality SVM detection,
demonstrated useful values including strong
performance, a high detection rate, and few false
positive alarms.

The authors in [7] discussed the IoT
security architecture based on SDN
(Software-Defined Networking). This work defines the
operation of the security architecture and
summarizes the opportunities for using SDN to
implement network security more effectively and
flexibly. In this article, self-organizing networks'
network access control, as well as global traffic
monitoring, are taken into consideration; various
architectural design decisions of SDN utilizing
OpenFlow are highlighted and their effects on
performance are examined.

A recent survey discusses security issues,
particularly those of the IoT and of integrating
physical devices with the network, since this
integration of real-world devices brings cyber security
threats into most daily activities [8].
Attacks against vital infrastructure, like power
plants and public transportation, may have
disastrous effects on whole towns and nations.
The researchers carried out a study regarding IDS
methodologies for IoT, and they also developed a
taxonomy to categorize the papers utilized in the
present research based on characteristics,
detection technique, IDS deployment approach,
security threat, and validation approach. It was
also mentioned that the study of IDS approaches
for IoT is still in its early stages and that the
suggested solutions do not cover a broad variety
of threats and IoT technologies. They also showed
a classification method to categorize the papers
utilized in the present study, which is based on
detection approaches, attributes, IDS placement
strategies, verification strategies, and security
threats.

The author in [9] used three original-sized
data sets called ISCX, KDDCUP99, and NSL-KDD
for experimental purposes related to computer
network intrusion detection. The study introduced
an IoT/Fog network threat detection system based
on distributed DL. Experiments show that artificial
intelligence has been successfully applied for
network security purposes. A system for attack
detection in a distributed architecture with IoT uses
(like smart cities) was also created and built by the
author. Detection rate, false alarm rate, and
accuracy are all performance measures used in
the assessment process to compare the efficacy of
the deep and shallow models.


Table 1

| Citations | Year | Problem Context | Solution Approach | Dataset |
|---|---|---|---|---|
| [10] | 2017 | Attack detection performance | SVM & logarithm marginal density ratio transformation | NSL_KDD |
| [11] | 2015 | Security issue | Survey | |
| [12] | 2017 | Security issue, cyber threats | Survey | |
| [13] | 2018 | Intrusion detection | Distributed deep learning | KDDCUP99, ISCX, and NSL-KDD |
| [14] | 2018 | Compromised node identification | Decision trees | Customized dataset |


Another research work by [15] suggested
an IDS based on the protocol model method and
ML. The system contains 2 detection steps. In the
1st step, local identity and network behavior data
are gathered by devoted explorers to form a
collection of properly classified examples using a
supervised learning method based on decision
trees. In the 2nd step, the global identities, the
samples are aggregated by the super nodes to
form time-based profiles, known as cumulative
measures of volatility, for individual malicious &
normal nodes.

In [16], the authors introduce a deep
autoencoder-based model for network attack
detection. The investigators assessed their
proposed work with the KDD-CUP 99 dataset, and
94.71 percent attack detection accuracy was
attained. Their experimental findings
demonstrated that their model outperformed deep
belief networks in terms of performance.
In the work of [17], researchers presented a hybrid
genetic algorithm and SVM as well as a DoS attack
detection scheme based on particle swarm
optimization. The investigators implemented their
suggested scheme with the KDD 99 data set and
attained an accuracy of 96.38%. Another work
towards the application of ML in IoT security
successfully identified and categorized IoT attacks
with Bayesian and SVM [18].

The KDD Cup99 dataset was used by the
authors to develop their model, and they attained
an accuracy rate of 91.50 percent. In [19], the
author proposed a model based on a deep neural
network and wavelet transform to identify false
data injection attacks. The investigators
implemented their scheme by using the IEEE 118 data
set. The attack detection accuracy is 91.80%. In
[20], an extreme learning approach for IoT
intrusion detection based on linear discriminant
analysis is suggested. The investigators employed
the NSL KDD data set to assess the accuracy of
the suggested scheme. The accuracy they
achieved is 92.35%. However, none of these
approaches focused on improving computational
efficiency, and they have not shown whether their
method provides similar performance when the
attacking scenario is changed.

There is no doubt that there has been a lot of
research in the field of IoT security, but there are
still many important issues that need to be solved.

» There is a lack of information in existing
literature regarding the selection of suitable
data sets for attack detection in the IoT
environment. Most research uses the
KDD CUP and NSL KDD data sets, which
are outdated and are associated with
simulation artifacts.

» There are few studies on the exploration of
effective data sets in the preprocessing
step.

» Most publicly available data sets lack the
required functionality, lack proper labeling,
have incomplete network functionality, lack
original pcap files, and have incomprehensible
and/or incomplete CSV files.

» There is currently no standard research
direction and guidance on the feature set
that accurately distinguishes network
traffic.

» Also, the existing research works do not
provide information on what basis they
selected particular machine learning
techniques. It is unclear which datasets
and intelligent techniques are most
appropriate for designing an efficient and
stable IDS for the IoT ecosystem. This
requires an effective exploratory study.
Table 2

| Citations | Year | Problem Context | Solution Approach | Dataset |
|---|---|---|---|---|
| [21] | 2018 | Attack detection | Deep-autoencoder | KDD-CUP 99 |
| [22] | 2018 | Denial of service | The joint [...] SVMs and particle swarm optimization | KDD 99 |
| [23] | [...] | [...] and mitigation | [...] | KDD |
| [24] | 2018 | False data injection attacks | Deep neural network and wavelet transform | IEEE 118 |
| [25] | 2020 | Intrusion detection | Extreme learning technique and linear discriminant analysis | NSL KDD |

To conduct effective benchmarking over a
suitable dataset and evaluate performance
over the other similar existing methods

[Figure 6 boxes: Review of Literature; Study Existing Security Mechanism; Detection of Cyber Attacks]

Fig. 6: Flow of Methodology Adopted

Figure 6 shows the overall planning of
implementation of the proposed study that we need to
adopt. The work will be carried out in the following
steps.

» In-depth analysis of the existing literature
to explore research trends and open
issues.

» Comparative analysis of different security
mechanisms and cyber-attack detection
systems in the modern networking
scenario like IoT.

» Study of the different datasets used in the
proposed literature in the context of
network security.

» Study different tools and development
environments to select the suitable
platform for research execution.

» Design and development of robust cyber
attack detection system using Machine
Learning technique.

» Design of experimental setup and
performance assessment based on the
simulation and other tools.

4. Objectives of research work 

> To conduct exploratory analysis on the 
available datasets. 

> To design a preprocessing algorithm and 
carry out a feature engineering process to 
extract the final version of inputs to the 
security model. 

> To design and develop a learning model for
the identification of both known and 
unknown attacks. 


4.1 Methods 

We utilize Python Scapy, an open-source 
Python library to gather the wireless network data 
and then extract features with the help of the 
suggested library depending on Scapy's built-in 
library support. The cyber security toolkit, 
CyberSecTK, is a simple Python package for 
preprocessing & feature extraction from data 
linked to cyber-security. Network packets are 
processed using Python Scapy functions. 
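
The per-host feature extraction step described above, as an added example that is not code from this paper or from CyberSecTK. It parses raw IPv4/TCP headers with the Python standard library in place of Scapy so that it runs offline; the feature names, addresses and the constructed packets are assumptions made for illustration.

```python
import socket
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits


def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Constructed sample input: minimal IPv4+TCP packet, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def parse_ipv4_tcp(raw):
    """Return the header fields of an IPv4/TCP packet, or None if it is not one."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or raw[9] != 6 or len(raw) < ihl + 20:
        return None                    # bad header, not TCP, or truncated
    total_len = struct.unpack("!H", raw[2:4])[0]
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
            "sport": sport, "dport": dport, "flags": raw[ihl + 13], "length": total_len}


def extract_features(capture):
    """capture: iterable of (timestamp, raw_bytes) -> {source IP: feature dict}."""
    per_src = defaultdict(lambda: {"times": [], "bytes": 0, "ports": set(), "syn": 0})
    for ts, raw in capture:
        pkt = parse_ipv4_tcp(raw)
        if pkt is None:
            continue                   # skip frames the parser cannot handle
        s = per_src[pkt["src"]]
        s["times"].append(ts)
        s["bytes"] += pkt["length"]
        s["ports"].add(pkt["dport"])
        if pkt["flags"] & SYN and not pkt["flags"] & ACK:
            s["syn"] += 1              # bare SYN: a new connection attempt
    features = {}
    for src, s in per_src.items():
        times = sorted(s["times"])
        gaps = [b - a for a, b in zip(times, times[1:])]
        features[src] = {
            "pkt_count": len(times),
            "byte_count": s["bytes"],
            "distinct_dports": len(s["ports"]),
            "syn_only_ratio": s["syn"] / len(times),
            "mean_iat": sum(gaps) / len(gaps) if gaps else 0.0,
        }
    return features


def sample_capture():
    """Constructed traffic: a sensor publishing to a gateway, and a port sweep."""
    cap = [
        (0.0, build_packet("10.0.0.5", "10.0.0.1", 40000, 1883, SYN)),
        (1.0, build_packet("10.0.0.5", "10.0.0.1", 40000, 1883, ACK, b"temp=21.5")),
        (2.0, build_packet("10.0.0.5", "10.0.0.1", 40000, 1883, ACK, b"temp=21.6")),
        (2.5, b"\x00\x01"),            # truncated frame, must be ignored
    ]
    for i, port in enumerate((22, 23, 80, 443, 8080)):
        cap.append((3.0 + i * 0.25,
                    build_packet("10.0.0.66", "10.0.0.1", 50000 + i, port, SYN)))
    return cap


if __name__ == "__main__":
    for host, row in sorted(extract_features(sample_capture()).items()):
        print(host, row)
```

Each row is one labelled-or-unlabelled input vector for a classifier: the sweeping host stands out through many distinct destination ports, a SYN-only ratio of 1.0 and short inter-arrival times, while the sensor keeps a single port.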
4.2 Expected outcome

» Detection of known and unknown attacks
in the wireless network.

» Higher accuracy and less false alarm rate
in the detection process.

» Computationally efficient

» Comparative analysis with the existing
security systems.

» To get a promising outcome against the
attack on modern networking systems,
thereby providing dynamic protection
against various lethal attacks without much
utilization of resources and improving
network performances.


5. Conclusion 

There is no doubt that there has been a
lot of research in the field of IoT security, but still,
there are so many important issues that need to be
solved. There is a lack of information in existing
literature regarding the selection of suitable data
sets for attack detection. Furthermore,
understanding which approaches are most
appropriate for securing the IoT ecosystem is a
challenging task owing to the involvement of a
variety of devices and applications. The existing
security schemes require modification and
optimization in their design, development, and
implementation process. Also, the existing
research work does not provide information on what
basis they selected particular machine learning
techniques. So, exploratory analysis
on the available datasets can be carried out
further.

There is a need to design a preprocessing algorithm
and carry out a feature engineering process to
extract the final version of inputs to prepare
advanced security models. To enhance security,
designing and developing a learning model for the
identification of both known and unknown attacks
is still an open research challenge.